KDE Vulnerabilities
18 results

CVE-2012-4512 | — | The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly | EPSS 11.7%
CVE-2024-1433 | LOW | KDE Plasma Workspace Theme File eventpluginsmanager.cpp enabledPlugins path traversal | EPSS 0.8%
CVE-2025-49091 | HIGH | KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a s | EPSS 0.6%
CVE-2024-57966 | MEDIUM | libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive. | EPSS 0.3%
CVE-2025-69412 | LOW | KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which mi | EPSS 0.2%
CVE-2025-66270 | MEDIUM | The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desk | EPSS 0.2%
CVE-2025-59820 | MEDIUM | In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kis_tga_import. | EPSS 0.2%
CVE-2026-41526 | MEDIUM | In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This | EPSS 0.2%
CVE-2026-42095 | MEDIUM | bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL. | EPSS 0.2%
CVE-2025-32901 | MEDIUM | In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash. | EPSS 0.2%
CVE-2025-32899 | MEDIUM | In KDE Connect before 1.33.0 on Android, a packet can be crafted that causes two paired devices to unpair. Specifically, it is an invalid di | EPSS 0.2%
CVE-2026-45184 | MEDIUM | Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used. | EPSS 0.1%
CVE-2026-25710 | HIGH | The new upstream added a privileged D-Bus helper called plasmaloginauthhelper, which suffers from multiple issues, e.g.aA compromised plasma | EPSS 0.1%
CVE-2025-32898 | MEDIUM | The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects K | EPSS 0.1%
CVE-2026-41525 | MEDIUM | KDE Dolphin before 25.12.3 allows applications in a Flatpak (or with AppArmor confinement) to open folders outside of the application sandbo | EPSS 0.1%
CVE-2025-55174 | LOW | In KDE Skanpage before 25.08.0, an attempt at file overwrite can result in the contents of the new file at the beginning followed by the par | EPSS 0.1%
CVE-2026-41527 | MEDIUM | KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the me | EPSS 0.1%
CVE-2025-32900 | MEDIUM | In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information | EPSS 0.1%